Owner of the content within this article is www.msexchange.org
Written by Marc Grote www.it-training-grote.de

Microsoft Exchange 2003 Domain Rename: Rename a Windows 2003 Forest with Exchange 2003 installed

Written by Marc Grote - mailto:grotem@it-training-grote.de

Abstract

In this article I will give you a step-by-step solution for renaming a Windows 2003 domain with
Exchange 2003 installed. This article will not explain every step of a domain rename; that
is documented in the Step-by-Step Guide to Implementing Domain Rename. You will find the
link at the end of this article.

The Windows Server 2003 Active Directory Domain Rename Tool provides a supported
methodology to rename one or more domains in an Active Directory forest. The DNS name and
the NetBIOS name of a domain can be changed using the domain rename procedure.

Note that implementing domain rename is a complex undertaking that requires thorough planning
and a good understanding of the domain rename procedure.

Let's begin

Before we discuss the necessary steps for a domain rename, you must ensure that you have
a functioning and current backup of your Active Directory infrastructure and Exchange, and that
you have a tested recovery plan in mind if the domain rename fails.

In our example we have a Windows 2003 domain named msexchange.org. Msexchange.org has
the Windows Server 2003 forest functional level with Exchange 2003 SP1 installed. Due to a
merger we would like to rename the domain to Msexchange.com.

Why a Domain Rename?

There are several reasons why a domain rename is necessary. Some examples:

• Fear of making irreversible decisions about domain names and forest structure
• Delay any deployment while striving for perfect forest structure and domain names
• Changes in geography
• DNS structure change
• Unforeseen business dynamics necessitating domain name changes
• Company merger or acquisition
• Business unit reorganization

Supported Operations

The following operations are supported by RENDOM:

• Rename the DNS name of a domain
• Rename the NetBIOS name of a domain
• Restructure a domain
• Move any non-root domain under a new parent domain in the same forest
• Move any non-root domain to a new tree in the same forest
• Simple rename without repositioning any domains in the forest structure
• Create a new domain-tree structure by repositioning domains within a tree
• Create new trees

Figure 1: An example of the domain rename process

Limitations

No good product is without limitations and drawbacks. It is not possible to do all renaming
operations with RENDOM. The following limitations exist:

• The forest root domain is the root of one of these trees
• Forest must be well formed after the domain rename operation
• The DNS names of the domains comprising the forest form one or more trees
• Cannot have a domain whose domain name is subordinate to the domain name of an
Application Directory Partition root
• The forest root domain can be renamed, but must remain the forest root

Requirements for domain rename

• Windows Server 2003 forest functional level
• Account must be a member of the Enterprise Administrators group
• A single computer running any edition of Windows Server 2003 that is to be used as the
control station during a domain rename operation
• Latest domain rename tools published at the domain rename Web site:
http://go.microsoft.com/fwlink/?LinkId=5585
• DFS root servers running a minimum of Windows 2000 SP3 or later

Error Message of RENDOM when the Forest functional level is not Windows 2003

Figure 2: RENDOM error message because of wrong functional level

The domain rename Tool

Rendom.exe is the command-line utility for renaming domains in Windows Server 2003 forests.
Rendom is used to carry out the multiple steps in the domain rename procedure. You precede the
domain rename process by using Rendom to prepare a list of domains in the forest. You begin
the domain rename process by using Rendom to generate a script (Forest description file) that
contains the instructions for renaming domains in the forest. You use Rendom again to verify that
all DCs are adequately prepared (RENDOM /PREPARE) to make the necessary updates to
rename the domains. Finally, you use Rendom to execute (RENDOM /EXECUTE) the actual
domain rename instructions on every DC. Following the domain rename procedure, you use
Rendom to remove all metadata written to the directory by the domain rename operation.

You can download the domain rename tools here:
http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx

Attention:

The RENDOM.EXE tool from the web doesn't work with Exchange installed. Use the version
from the Windows 2003 CD. An updated version of RENDOM.EXE is expected in the future.

The installation of RENDOM is simple. Double-click DOMAINRENAME.EXE. The process extracts two files:

• RENDOM.EXE
• GPFIXUP.EXE

Rendom has several command line switches:

Figure 3: RENDOM command line switches

The Domain Rename State File

As a result of the first command (RENDOM /LIST) you issue to begin the domain rename process,
Rendom creates an XML file called the state file, which contains the list of all DCs in the forest.
As DCs progress through the various steps in the procedure, Rendom updates the state file to
track the state of each DC relative to the completion of the domain rename process.

As you perform each step in the domain rename operation, Rendom automatically updates the
state file. By monitoring the states of completion of each DC in the state file, you receive the
information you need to issue the next Rendom command in the sequence. You can edit the state
file to temporarily exclude some DCs from the domain rename procedure.

Current Domain Names: Generating the Forest Description File

The RENDOM /LIST command generates the current forest description and writes it to an output
file (DOMAINLIST.XML) using an XML-encoded structure. This file contains a list of all domains
and application directory partitions in the forest, along with the corresponding DNS and NetBIOS
names.

Each domain and application directory partition is also identified by a globally unique identifier
(GUID), which does not change with domain rename. To simplify specifying the new forest
structure, Rendom gathers and compiles the current forest structure automatically such that the
new forest structure can be overlaid on top of it.

Figure 4: DOMAINLIST.XML Forest description file

Simply replace the old ForestDNSZones and DomainDNSZones names with the new domain
name. You can, but do not have to, change the NetBIOSName. For large organizations I recommend
using the search and replace function of your editor.
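
A pre-flight check for the edited file, as an added example that is not part of the original article or of the RENDOM tools: it compares the edited forest description with the saved original (the article later keeps it as domainlist-save.xml) and reports entries that a search and replace missed, changed GUIDs, and over-long NetBIOS names. The XML element names and the sample GUIDs are assumptions constructed for illustration; msexchange.org and msexchange.com are the article's example domains.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout rendom /list is assumed to write
# (Forest/Domain/Guid/DNSname/NetBiosName); the GUIDs are made up.
ORIGINAL = """<Forest>
  <Domain><!-- PartitionType:Application -->
    <Guid>11111111-1111-1111-1111-111111111111</Guid>
    <DNSname>DomainDnsZones.msexchange.org</DNSname>
    <NetBiosName></NetBiosName>
  </Domain>
  <Domain><!-- PartitionType:Application -->
    <Guid>22222222-2222-2222-2222-222222222222</Guid>
    <DNSname>ForestDnsZones.msexchange.org</DNSname>
    <NetBiosName></NetBiosName>
  </Domain>
  <Domain><!-- ForestRoot -->
    <Guid>33333333-3333-3333-3333-333333333333</Guid>
    <DNSname>msexchange.org</DNSname>
    <NetBiosName>MSEXCHANGE</NetBiosName>
  </Domain>
</Forest>"""
# A clean edit, and one where search and replace missed an entry.
GOOD = ORIGINAL.replace("msexchange.org", "msexchange.com")
MISSED = GOOD.replace("ForestDnsZones.msexchange.com",
                      "ForestDnsZones.msexchange.org")


def load(xml_text):
    """Map each domain GUID to (lower-cased DNS name, NetBIOS name)."""
    entries = {}
    for dom in ET.fromstring(xml_text).findall("Domain"):
        guid = (dom.findtext("Guid") or "").strip().lower()
        entries[guid] = ((dom.findtext("DNSname") or "").strip().lower(),
                         (dom.findtext("NetBiosName") or "").strip())
    return entries


def check_rename(original_xml, edited_xml, old_suffix, new_suffix):
    """Return a list of problems found in the edited forest description."""
    old, new = load(original_xml), load(edited_xml)
    old_suffix, new_suffix = old_suffix.lower(), new_suffix.lower()
    problems = []
    if set(old) != set(new):  # GUIDs identify partitions and must not change
        problems.append("GUID set changed: %s" % sorted(set(old) ^ set(new)))
    for guid in sorted(set(old) & set(new)):
        old_dns = old[guid][0]
        new_dns, netbios = new[guid]
        # Match on a label boundary so look-alike names are not rewritten.
        if old_dns == old_suffix or old_dns.endswith("." + old_suffix):
            expected = old_dns[:len(old_dns) - len(old_suffix)] + new_suffix
        else:
            expected = old_dns  # outside the renamed tree: must stay as is
        if new_dns != expected:
            problems.append("%s: expected %s, found %s"
                            % (guid, expected, new_dns))
        if len(netbios) > 15:  # NetBIOS names are limited to 15 characters
            problems.append("%s: NetBIOS name too long: %s" % (guid, netbios))
    return problems


if __name__ == "__main__":
    for label, edited in (("clean edit", GOOD), ("missed entry", MISSED)):
        found = check_rename(ORIGINAL, edited,
                             "msexchange.org", "msexchange.com")
        print(label, "->", found or "OK")
```

An empty result means every entry under the old name was renamed consistently and no GUID was touched; anything else should be corrected in the file before RENDOM /UPLOAD.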

GPFIXUP

When the DNS name of a domain changes, any references to Group Policy Objects (GPOs)
within the renamed domain through Group Policy links (the gpLink attribute) on sites, domains,
and organizational units are rendered invalid because they are based on the old domain name.
Furthermore, the optional attribute gpcFileSysPath on a GPO that holds a uniform naming
convention (UNC) path to a Group Policy templates folder located in the sysvol volume of the
renamed domain will also be rendered invalid because the path uses the old domain DNS name.

To correct the severed Group Policy links and the invalid UNC paths in GPOs within the renamed
domain, you can use the Group Policy fix-up tool gpfixup.exe to refresh the Group Policy links
and the UNC paths in GPOs based on the new domain name.
The Group Policy fix-up tool should be run once for every renamed domain soon after the actual
domain rename operation has been completed and before another domain rename operation is
performed.

The fix-up tool gpfixup refreshes all intradomain GPO references/links (that is, where the link and
the target GPO are within the same domain) in the renamed domain. However, cross-domain
references to GPOs in the renamed domain, where the link is in a different domain from the
domain containing the GPO, will not be automatically rebuilt by this tool. For them to work, these
cross-domain links will need to be repaired manually by deleting the old Group Policy links and
re-establishing new links.

Figure 5: GPFIXUP command line switches

Preparatory Steps

It is not possible to explain every preparatory step. For a detailed description see the domain
rename Whitepaper.

• Verify application and service compatibility
• Verify domain controller and replication health (Keyword: REPADMIN, DCDIAG,
REPLMON)
• Prepare trusts (Keyword: Create trusts as necessary)
• Prepare DNS zones Publishing (Keyword: Two Sets of Locator SRV Resource Records in
DNS)
• Prepare domain-based DFS paths (Keyword: DFS RootTarget)
• Prepare PKI (Keyword: CDP and AIA)
• Prepare member computers for host name changes
• Communicate with the user base (Keyword: inform every user before and after domain
rename)

WARNING:

Rendom.exe tool versions before version 1.2 did not detect Exchange 2000 and incorrectly
permitted domain rename operations. The current version when I wrote this article was version 1.3.
The RENDOM.EXE tool from the web doesn't work with Exchange installed. Use the version
from the Windows 2003 CD. An updated version of RENDOM.EXE is expected in the future.

Procedures of the Original Windows Server 2003 domain rename tool

Step                Description
Step 1              Back up all domain controllers
Step 2              Set up the control station
Step 3              Generate the current forest description (rendom /list)
Step 4              Specify the new forest description
Step 5              Generate domain rename instructions (rendom /upload)
Step 6              Push domain rename instructions to all domain controllers and verify DNS
Step 7              Verify readiness of domain controllers (rendom /prepare)
Step 8              Execute domain rename instructions (rendom /execute)
Step 9              Unfreeze the forest configuration
Step 10             Re-establish external trusts
Step 11             Fix Distributed file system (Dfs) topology
Step 12             Fix group policy objects and links (gpfixup.exe)
After the domain    Verify certificate security after domain rename
rename procedure    Miscellaneous tasks
                    Back up domain controllers
                    Restart member computers
                    New: Verify the Exchange rename
                    New: If applicable, update Active Directory Connector (ADC)
                    Attribute clean up after domain rename
                    Rename domain controllers (optional)
                    New: Domain Controller Rename Follow-Up Steps

Source: Exchange Domain Rename Fix-up.doc with a few modifications

Important: To rename Windows 2003 domains with Exchange 2003 installed, use the
step-by-step guide later in this article.

RENDOM steps

Figure 6: Required RENDOM switches

Post Rename operations

• Enable old certificates and smart cards
• Enable and verify certificate security
• Back up domain controllers
• Communicate with user base
• Restart member computers (ALL)
• Rename domain controllers (optional)
• Clean up domain rename metadata (RENDOM /CLEAN)

Legacy Clients

If your environment consists of NT4 Clients, you have to unjoin and rejoin every client from the
domain because it is not possible with NT4 to automatically reflect the renamed domain.

Language Support

The domain rename tools can be used on all language versions of Windows Server 2003. There
are no language-specific versions of the tools.

XDR-fixup

Exchange Domain Rename Fix-Up (XDR-fixup.exe) fixes Exchange attributes after you rename a
domain that contains Exchange 2003 servers. XDR-fixup is available as part of the Exchange
2003 Web Tools as a separate Download. Point your browser to
http://www.microsoft.com/exchange/downloads/2003.asp.

XDR-fixup is not a replacement for the Windows 2003 domain rename tools. The Windows Server
2003 domain rename tools were originally designed for renaming domains in Microsoft Active
Directory directory service forests that do NOT contain Exchange 2000 or Exchange 5.5 servers.
This limitation existed because renaming a domain affects several Exchange attributes, and there
was no method for fixing these attributes. Microsoft Exchange Server 2003, however, is
compatible with the Exchange Domain Rename Fix-Up tool (XDR-fixup.exe), which fixes
Exchange attributes after a domain rename.

Domain rename is not supported in forests that contain Exchange 2000 or Exchange 5.5.

The installation of XDR-fixup is simple. Just double-click the installation file and follow the
instructions:

Figure 7: XDR-fixup setup

Running the XDR-fixup tool is an additional step required for doing a domain rename operation.
XDR-fixup modifies Exchange Active Directory attributes to reflect the new domain name.
The XDR-fixup tool does not replace the Windows Server 2003 domain rename tools, nor does it
extend the functionality of the domain rename tools. You must run XDR-fixup.exe every time you
run RENDOM /EXECUTE.

What XDR-fixup does NOT do

Domain rename does not rename e-mail domains

Domain rename doesn't change any e-mail domain in Exchange and doesn't change any recipient
policy. You must change your recipient policy after domain rename.

Domain rename does not rename the Exchange Organization

You cannot rename the Exchange Organization with the domain rename tool.

Domain rename does not merge Exchange Organizations

It is not possible with domain rename to merge two Exchange organizations into a single
Exchange organization.

Prerequisites

XDR-fixup has the following requirements:

Windows Server 2003 is required
All domain controllers must be running Windows Server 2003, and the Active Directory functional
level must be at the Windows Server 2003 level.

Administrative privileges
The domain rename procedure requires enterprise administrative privileges to perform the steps
in the procedure. The account you use must also have Full Exchange Administrator permissions.

Exchange 2003 is required
The domain rename tools are supported in Exchange 2003; all Exchange servers in the
organization must be running Exchange 2003.

Exchange 2000 and Exchange 5.5 are not supported
The rendom.exe and XDR-fixup.exe tools are not supported in Exchange 2000 or Exchange 5.5.
If the rendom.exe tool detects Exchange 2000 servers, the tool will not proceed. However, the
tool will not detect whether Exchange 5.5 servers exist; do not attempt the operation if a domain
contains Exchange 5.5 servers. If any SRS instance is running in the forest, you must remove it
before the domain rename process begins.

Exchange must not be installed on domain controllers
To use the domain rename operation, Exchange must not be installed on any domain controllers
(if Exchange is installed on a DC, uninstall Exchange from it).

How to Use XDR-fixup

XDR-fixup has several command line switches:

Figure 8: XDR-fixup command line switches

XDR-fixup installs all executables into the following directory: \Program files\Exchsrvr\Exchange
Domain Rename Tools.

XDR-fixup integrates into the normal Windows 2003 domain rename steps with three additional
steps:

I will call the first step "Step 0".

The two steps between Step 8 and Step 9 are important for the Exchange 2003 rename.

Domain rename steps with the new Exchange-related steps inserted

Step                Description
Step 0              Preliminary Steps:
                    Move Exchange off of domain controllers
                    Discontinue Exchange Configuration Changes
Step 1              Back up all domain controllers
Step 2              Set up the control station
Step 3              Generate the current forest description (rendom /list)
Step 4              Specify the new forest description (save the original XML file as domainlist-save.xml)
Step 5              Generate domain rename instructions (rendom /upload)
Step 6              Push domain rename instructions to all domain controllers and verify DNS
                    Create new DNS zones and settings with secure dynamic DNS updates
Step 7              Verify readiness of domain controllers (rendom /prepare)
Step 8              Execute domain rename instructions (rendom /execute) - DC REBOOTS
-- New --           Update the Exchange configuration (run XDR-fixup)
-- New --           Restart all Exchange servers and Exchange System Manager clients twice
Step 9              Unfreeze the forest configuration
Step 10             Re-establish external trusts
Step 11             Fix Distributed file system (Dfs) topology
Step 12             Fix group policy objects and links (gpfixup.exe)
After the domain    Verify certificate security after domain rename
rename procedure    Miscellaneous tasks
                    Back up domain controllers
                    Restart member computers
                    New: Verify the Exchange rename
                    New: If applicable, update Active Directory Connector (ADC)
                    Attribute clean up after domain rename
                    Rename domain controllers (optional)
                    New: Domain Controller Rename Follow-Up Steps

Source: Exchange Domain Rename Fix-up.doc with a few modifications

It is not possible to explain every step in detail in this article. I will write a few lines about some of the steps.
For detailed information see the corresponding Whitepaper.

Step 0      This should be clear to understand. Remove Exchange from every DC.
Step 1      Back up all domain controllers to ensure that a fallback is possible in case of emergency.
Step 2      Set up the control station. The control station must be a member of the domain and run Windows Server 2003. You have to install the Windows Server 2003 support tools and the ADMINPAK.MSI. Install the RENDOM tool and XDR-fixup on the control station.
Step 3      Generate the current forest description (rendom /list)
Step 4      Specify the new forest description. To do so, edit the file and change the names to reflect the new domain name.
Step 5      Generate domain rename instructions (rendom /upload)
Step 6      Push domain rename instructions to all domain controllers and verify DNS (rendom uses a special RPC which it sends to every DC)
Step 7      Verify readiness of domain controllers (rendom /prepare)
Step 8      Execute domain rename instructions (rendom /execute)
-- New --   Update the Exchange configuration (run XDR-fixup)
-- New --   Restart all Exchange servers and Exchange System Manager clients twice
Step 9      Unfreeze the forest configuration
Step 10     Re-establish external trusts. You must re-establish every external trust because it doesn't reflect the NetBIOS name changes. The interdomain trust will be automatically fixed.
Step 11     Fix Distributed file system (Dfs) topology. You must use DFSUTIL to reference the new domain name.
Step 12     Fix group policy objects and links (gpfixup.exe). GPFIXUP fixes GPO references to the renamed domain name.

To run the XDR-fixup tool (between Steps 8 and 9 of the domain rename procedure),
perform the following steps:

• Wait for ALL domain controllers to reboot and replication to complete.
• Run the following command:
  XDR-fixup /s:DOMAINLIST-SAVE.XML /e:DOMAINLIST.XML /trace:TRACEFILE /changes:CHANGESCRIPT.LDF /restore:RESTORESCRIPT.LDF
  Note: This step must be run only once per forest

Figure 9: XDR-fixup

Attention: Be sure that you specify the right credentials in the XDR-FIXUP command because the
NETBIOS domain name might be changed. You can also specify the credentials in UPN format
(username@domain.tld).

• After the XDR-fixup command has run, log off the control station computer and immediately
log on again.
• Run the following command: LDIFDE -i -f CHANGESCRIPT.LDF
• Restart ALL Exchange servers
• Verify successful Exchange rename
• Update Active Directory Connectors when you use the ADC for interorganizational restructuring
(Please keep in mind that XDR-fixup is not supported for Exchange 2000 / 5.5 so when you
use ADC for Exchange 5.5 migrations).

You have successfully renamed Windows 2003 and patched Exchange 2003. This article ends
here. In a real life environment you have to fix a lot more components, like:

• Back up domain controllers
• Restart ALL member computers
• After the domain rename procedure verify certificate security after domain rename. You
must prepare the URLs for CDP and AIA Extensions after Domain Rename
• Verify successful Exchange rename (update recipient policy and more)
• Update Active Directory Connector (ADC) if you use it for interdomain synchronization
• Attribute clean up after domain rename
• Rename domain controllers (optional)
• Prepare legacy clients (domain rejoin of all NT4 clients)

Conclusion

As you can see in this article it is not so easy to do a domain rename with Windows 2003 and
Exchange 2003.
Note that implementing domain rename is a complex process that requires thorough planning and
a good understanding of the domain rename procedure.
I have tested domain rename only in a Lab environment and I cannot recommend doing a domain
rename in a production environment.

Related Links

Windows 2003 Domain Rename information
http://www.microsoft.com/windows2000/downloads/tools/domainrename/default.asp
http://support.microsoft.com/default.aspx?scid=kb;EN-US;819145

Windows 2003 Domain Rename Tools
http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx

Exchange Server Domain Rename Fixup
http://www.microsoft.com/downloads/details.aspx?FamilyId=24B47D4A-C4B9-4031-B491-29839148A28C&displaylang=en
http://support.microsoft.com/?id=838623